Hackers Find Way To Hit Hushmail

from the back-door dept

Hushmail, the web-based email service that boasts "total security," just got a dose of insecurity. Apparently someone hacked into Hushmail's domain name registrar, Network Solutions, and redirected the website to a staged site with graffiti. The company says no data was compromised, but even a minor security breach looks pretty bad when security is your raison d'etre. Just goes to show that maybe you can never be too paranoid when it comes to securing your computing experience, as Mark Burnett writes in his column. He admits that his precautions might be extreme (50-character passwords, anyone?), but that they can't hurt either. Sometimes, they even deter new, unanticipated threats. In other words, even super-secure email services are susceptible to attack and might benefit from other means of protection.

Reader Comments


  • dan, 27 Apr 2005 @ 7:51am

    can't hurt?

    "He admits that his precautions might be extreme (50-character passwords, anyone?), but that they can't hurt either."

    I disagree -- even if it's a 50 character password, you still need to throw non-alphanumerics in there (to avoid dictionary attack). At that point, in order to remember a 50 char password, it's going to have to be written down somewhere, or in some way obvious (otherwise you'll lock yourself out, too). So it could hurt.

    Really, what's needed (and has been mentioned here before) is a combination of a good password of reasonable length (10 chars?) PLUS some personal identifier (bioinformatics, one of those hardware devices with a constantly changing key (drawing a blank on what they're called)).


    • Joe Blo, 27 Apr 2005 @ 9:38am

      Re: can't hurt?

      "I disagree -- even if it's a 50 character password, you still need to throw non-alphanumerics in there (to avoid dictionary attack)."
      The only reason to put non-alphanumerics in your password is because a paranoid password program requires it. People naturally assume that a password needs to be a variation on a dictionary word in order to remember it. This is not true. Type the string "cde34rfv" and you'll see what I mean. The position of the keys makes it easy to remember and it doesn't appear in any dictionary. The 3 and 4 are completely optional, I might just as well have used "cderfvbgt". You can think of times your fingers "knew" a familiar password your mind had forgotten. The sequence of keypresses is what is remembered best, the decoded mnemonic information such as your dog's name is secondary.


      • thecaptain, 28 Apr 2005 @ 5:05am

        Re: can't hurt?

        Hate to burst your bubble, but sophisticated dictionary attacks take that into consideration.

        They not only cover known words, but the passwords you describe are also covered as "words". It's all about likely combinations, and frankly, your method is a VERY LIKELY combination.

        So you might want to go rethink those passwords.

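
The exchange above turns on whether keyboard-position passwords such as "cde34rfv" count as dictionary "words". The following is an added example, not part of the original post or its comments: a password-policy check that scores how much of a candidate password is a walk across physically adjacent keys. The US QWERTY layout model, the function names and the 0.8 threshold are assumptions made for illustration.

```python
# Added example: flag "keyboard walk" passwords at password-set time.
# Assumes a US QWERTY layout; shifted symbols (e.g. "!" for "1") are not modelled.
# Each lower row is shifted right, so a key at column c touches columns c and
# c+1 in the row above it (for example "d" touches "e" and "r").
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def adjacent(a: str, b: str) -> bool:
    """True if a and b are the same key or physical neighbours."""
    if a not in POS or b not in POS:
        return False
    (r1, c1), (r2, c2) = POS[a], POS[b]
    if r1 == r2:
        return abs(c1 - c2) <= 1
    if abs(r1 - r2) != 1:
        return False
    if r1 > r2:  # orient so (r1, c1) is the upper key
        (r1, c1), (r2, c2) = (r2, c2), (r1, c1)
    return c1 - c2 in (0, 1)


def walk_ratio(password: str) -> float:
    """Fraction of consecutive character pairs that sit on adjacent keys."""
    pw = password.lower()
    pairs = list(zip(pw, pw[1:]))
    if not pairs:
        return 0.0
    return sum(adjacent(a, b) for a, b in pairs) / len(pairs)


def is_keyboard_walk(password: str, threshold: float = 0.8) -> bool:
    """Policy decision: reject when most of the password is one key walk."""
    return walk_ratio(password) >= threshold


if __name__ == "__main__":
    # First two strings are quoted in the comments; the third is constructed.
    for candidate in ["cde34rfv", "cderfvbgt", "k7pwzq2m"]:
        verdict = "reject" if is_keyboard_walk(candidate) else "ok"
        print(f"{candidate}: ratio={walk_ratio(candidate):.2f} -> {verdict}")
```

Both strings quoted in the thread score 1.0 because every keystroke lands next to the previous one, which is the regularity a pattern-aware wordlist relies on.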

  • Mike, 27 Apr 2005 @ 8:14am

    Hushmail Attacked? Nah...

    If I read this correctly, Network Solutions got attacked and the domain name was redirected. Hushmail's system did not get attacked.


